It is difficult to predict exactly what cyber security threats companies will face in 2023, as the landscape is constantly evolving. However, assumptions can be drawn from current trends and the overall cyber landscape leading into the new year. As has come to be expected, cyber-attacks continue to rise as the world becomes increasingly digitalised. As with regular crime, common cyber-crime follows the money, so it is not surprising to expect that phishing and ransomware attacks will continue to lead the way into 2023 as the most effective attack vectors for financial gain.
With the great leaps in consumer engagement with AI brought by OpenAI’s GPT-3, one of the top concerns in the cybersecurity community has been AI’s role in facilitating cyber-crime, with the most obvious use being AI-assisted phishing attacks. Tools have already been spotted on the internet which display how this concept could be implemented. One impressive use of this technology was shared on Reddit by user Jonathan-Todd. Jonathan’s implementation involved asking GPT to write a tool by itself that would use itself to come up with phishing scenarios based on the posting history of other Reddit users.
AI could be used to create more targeted and personalised phishing attacks by analysing an individual's online behaviour, social media activity, and other data to create more convincing phishing emails. Another potential use could be to automate the process of sending out phishing emails, and parsing victim replies, potentially allowing attackers to scale their campaigns and reach a larger number of people. With enough of a sample size, the AI could analyse victim replies to ascertain how susceptible they would be to fraud. AI could also be used to analyse spam filters and find ways to bypass them, making it more likely that phishing emails will reach their intended targets.
A trend noticed in recent times has been a sharp increase in premiums for cyber security insurance, as a response to insurance carriers taking significant losses on ransomware and incident recovery costs. This increase has been recorded throughout 2022, with rates of increase that dwarf the overall insurance market. In the UK, in Q1 of 2022, cyber security premiums saw an increase of 102%, Q2 saw a cumulative increase of 68%, and Q3 saw a further increase of 66%. To put this into perspective, an insurance product of equivalent cover and terms worth £2,000 at the end of 2021 would be £4,040 at the end of Q1 of 2022, £6,787 at the end of Q2, and £11,266 at the end of Q3. Insurance carriers are raising the entry bar across cyber security insurance products. In 2023 and beyond, companies will be required to enforce basic cyber security practices such as multi-factor authentication. Failure to do so will result in companies having to pay very steep insurance premiums or being refused cover by carriers.
Throughout 2022, the world saw a tremendous rise in political tensions, caused by Russia's war in Ukraine, China's resentment over the United States' shows of support for Taiwan, Iran’s armament of Russia and the protests in Iran, as well as the recent threats of nuclear bolstering from North Korea. These four nation states are the prime supporters of state-sponsored cyber threat groups and, on the back of the increased adversity seen last year, the world should prepare for increased cyber activity in 2023. State-sponsored cyber-attacks can be launched for a variety of reasons, such as to gather intelligence, disrupt critical infrastructure, or interfere with political processes. These cyber-attacks are often highly sophisticated and well-funded, and they can be difficult to defend against. They may involve the use of advanced malware, zero-day vulnerabilities, and other tactics designed to evade detection. Famous cases of state-sponsored cyber-attacks include:
In 2010, a piece of malware called Stuxnet was discovered that had been used to target industrial control systems in Iran. The attack was later attributed to the U.S. and Israel.
In 2010, a series of cyber-attacks was launched against a number of high-tech companies, including Google and Adobe. The attacks were later attributed to the Chinese government.
In 2020, a major supply chain attack was launched against a number of U.S. government agencies and private sector companies. The attack, which was later attributed to Russia, involved the use of a software update mechanism to install malware on victim systems.
2023 is building up to potentially be the most eventful year in cyber security, with cyber insurance carriers being more wary than ever, world tensions being at their highest since the Cold War, and with AI as a potent new weapon in the adversary’s arsenal.